> Let me try this again: if you're building an absolute-bare-minimum
> MMU, I contend that you need a way to cause a trap or fault on access
> to an arbitrary location -- whether the result of that trap or fault
> is going to be to page or swap, I care not -- and a way to restart
> what you were doing at the same instruction after you service the
> trap or fault.
If you are *only* going for interprocess protection, you don't need to
restart instructions, mostly. The one exception is the stack segment,
which you generally would like to be able to allocate small and grow
on demand. A common solution to that is to have part of the function preamble
be a specific instruction to touch the deepest stack address a function will
use; then when the kernel sees a bad-address fault which is a plausible
distance beyond the current top-of-stack and is the particular instruction,
you grow the stack and just resume after the faulting instruction. That
trick makes big stack frames (and alloca()) tricky, however.
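
The fault-handling policy described in the reply above, sketched as an added example that is not part of the original post: a simplified C model of the kernel's decision on a bad-address fault. The opcode value, probe length, growth window and struct layout are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Every name and constant here is an assumption made for illustration. */
#define PAGE_SIZE      4096u
#define MAX_GROW_BYTES (16u * PAGE_SIZE) /* policy: the "plausible distance" */
#define OP_STACK_PROBE 0x7Eu             /* constructed opcode of the preamble touch */
#define PROBE_LEN      2u                /* constructed length of that instruction */

struct proc {
    uintptr_t stack_low;   /* lowest mapped stack address; the stack grows down */
    uintptr_t stack_limit; /* hard floor the stack may never cross */
    uintptr_t pc;          /* address of the faulting instruction */
};

enum fault_result { FAULT_GROWN, FAULT_KILL };

/* Handle a bad-address fault; opcode is the first byte of the faulting instruction. */
enum fault_result handle_bad_address(struct proc *p, uintptr_t addr, uint8_t opcode)
{
    /* Without restartable instructions, only the probe can be resumed safely. */
    if (opcode != OP_STACK_PROBE)
        return FAULT_KILL;
    /* The access must land below the mapped stack, within the growth window. */
    if (addr >= p->stack_low || p->stack_low - addr > MAX_GROW_BYTES)
        return FAULT_KILL;
    uintptr_t new_low = addr & ~(uintptr_t)(PAGE_SIZE - 1);
    if (new_low < p->stack_limit)
        return FAULT_KILL;
    p->stack_low = new_low; /* a real kernel would map the new pages here */
    p->pc += PROBE_LEN;     /* resume after the probe instead of re-running it */
    return FAULT_GROWN;
}

int main(void)
{
    struct proc p = { 0x7fff0000u, 0x7f000000u, 0x1000u }; /* constructed state */
    /* Probe just below the mapped stack: grown. */
    printf("%d\n", handle_bad_address(&p, 0x7ffef123u, OP_STACK_PROBE));
    /* Probe for a frame larger than the window: refused, the "tricky" case. */
    printf("%d\n", handle_bad_address(&p, 0x7ffc0000u, OP_STACK_PROBE));
    /* Ordinary store below the stack: not the probe, so not resumable. */
    printf("%d\n", handle_bad_address(&p, 0x7ffee000u, 0x01u));
    return 0;
}
```

The second call shows why large frames and alloca() are awkward under this scheme: a single probe that lands beyond the growth window is indistinguishable from a wild pointer and gets refused.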